Difference between revisions of "Security/Bruteforce"

Revision as of 16:24, 20 February 2013

In order to prevent bruteforce attacks on passwords to meaures are implemented

Configuration options for Maximum number of login retries are

After the defined amount of retries have been reached, the user account is suspended.

There is an option for automatic password reset (password is sent to user).

Detection of spread attacks are implemented by registering the number of failed login attempts during a defined amount of time.

If a certain threshold is passed, the server will temporaryly deny further login attempts, for a defined aamout of time.

During this period the server will function normally for allready logged in users.

Configuration options for Brute force detection are

@@ Line 3: / Line 3: @@
 * Detection of spread attacks across multiple accounts
+== Maximum login retries ==
+Configuration options for Maximum number of login retries are
+After the defined amount of retries have been reached, the user account is suspended.
+There is an option for automatic password reset (password is sent to user).
+http://tempusserva.dk/mediawiki/index.php?title=Policy_reference#Security
+== Brute force detection ==
 Detection of spread attacks are implemented by registering the number of failed login attempts during a defined amount of time.
@@ Line 10: / Line 20: @@
 During this period the server will function normally for allready logged in users.
-Configuration options for Maximum number of retries are
-http://tempusserva.dk/mediawiki/index.php?title=Policy_reference#Security
 Configuration options for Brute force detection are
 http://tempusserva.dk/mediawiki/index.php?title=Policy_reference#Protection